AVG (AU\/NZ)\u2019s Guide To Password Best Practice <\/p>\n
Melbourne and Amsterdam, 17 August 2010. It’s sad fact, but people don’t take passwords seriously enough. You could almost write a comedy sketch about the ‘obvious’ passwords that so many people use. A password consisting of the numbers \u201cone to 10\u201d is not uncommon, as is simply the word “password” or “admin” or the user’s first name. Last year, 20,000 Yahoo, AOL and Hotmail passwords were hacked only to find the most popular password was \u2018123456\u2019! <\/p>\n
Lloyd Borrett, Security Evangelist for AVG (AU\/NZ) says, \u201cUsing the name of your first pet or school, your birth date or your mother’s maiden name, is not smart either as this information is often favoured by banks as a means of identifying you. Putting it out digitally in any form (even if that is onto a comparatively secure website or not) is simply not good sense.\u201d <\/p>\n
“To continue reading this piece, please enter a password. If you do not have a password please create one now of at least eight characters in length. Please use a combination of CAPS and lowercase letters and numbers.” <\/p>\n
How familiar is that? How many times do we see those instructions and just blindly type in something meaningless so that we can continue surfing? <\/p>\n
Borrett continues, \u201cThe problem is that there are so many \u2019light\u2019 password gateways today. Web sites seek to create ‘sticky’ pages that users will repeatedly revisit by offering password access only. But these gateways obfuscate the importance of the \u2018heavy\u2019 passwords that you need to keep close to your chest and that you need to create intelligently. <\/p>\n
\u201cJust to be clear, there is no industry de facto term that defines a \u2018heavy\u2019 password \u2013 we are simply drawing a distinction between a casually used password that might for example let you view an online news item, to that of your online banking password which should be ultra-robust and definitely not the same as the one you use to access social networking sites like Facebook.\u201c<\/p>\n
So What Makes a Good Password? <\/p>\n
Firstly and most importantly of all, a good password is a password you can stick with. You do not have to change your password every 90 days (or however often you have been advised) but you could do. There are no ground rules on this one and the jury is out from a technical perspective as to whether this process simply opens up more hacker gateways or whether it closes them down.<\/p>\n
What is important is that you are supremely obscure. Don’t use any of the cardinal numbers in order, even if you start at 3, 4, 5. Don’t even use them in sequence as in 3, 5, 7. Use them backwards and interspersed with letters (both upper and lower case) and characters from the top line of your keyboard such as !, #, – and *, for example.<\/p>\n
But that is just the start. If a hacker has managed to steal a copy of your password, it is most likely that he or she will only have an encrypted value of your password. The hacker will start using password hacker systems, which will initially attempt to use human language dictionaries and human behaviour logic to crack your secret code. <\/p>\n
So be as illogical as you possibly can be. Don’t use the word \u2018frogspawn\u2019 when you could use \u2018spawnfrog\u2019 and so on.<\/p>\n
\u201cCarrying that ‘illogical’ theme forward, use your brain to outwit any computer password hacking software. Humans are visual thinkers, so this means we can visualise clearly in our own heads something that might not be part of the real world,\u201d Borrett says. <\/p>\n
\u201cHave you even seen a purple elephant? Neither have I, so that’s a good image \u2013 and therefore a good phrase to use. Why stop at purple, let’s choose a more creative colour such as ochre, fuchsia or puce. Why stop at elephants, let’s choose echidnas, possums, wombats and so on.<\/p>\n
\u201cOf course, some security experts say that we shouldn\u2019t use any dictionary words from any language in a password. One way around this is to use product names and numbers instead. Most of us can easily visualise obscure products we own (e.g. scuba diving regulator) and recall its product number (e.g. Apeks XTX200). Then we just mangle the product number a bit.<\/p>\n
\u201cSo let’s be clear \u2013 we are not saying that \u2018OchrE59EchIdnA18!*\u2019 or \u2018ApEx!xtx-2o0\u2019 are not the best passwords you’ll ever come up with, but it’s certainly going to help you if you think along these lines,\u201d Borrett concludes.<\/p>\n
Seven Steps To Password Perfection: <\/p>\n
1. Don’t use cardinal numbers in order: 1,2,3,4,5 etc. is not clever.<\/p>\n
2. Think illogically; computers rely on logic to operate.<\/p>\n
3. Be obtuse, think outside the box, invent a new word!<\/p>\n
4. Never use your mother’s maiden name or any password that your bank might use.<\/p>\n
5. Mix keyboard characters such as the asterisk with letters and numbers.<\/p>\n
6. Use a mixture of upper and lower case letters.<\/p>\n
7. Always change default passwords from ‘password’ or ‘admin’.<\/p>\n
And lastly and very importantly NEVER tick the \u2018remember this password\u2019 box. <\/p>\n
AVG (AU\/NZ) has a comprehensive range of security tips for home and business users on its web site at www.avg.com.au\/resources\/security-tips\/. <\/p>\n
About AVG (AU\/NZ) Pty Ltd \u2014 www.avg.com.au<\/p>\n
Based in Melbourne, AVG (AU\/NZ) Pty Ltd distributes the AVG range of Anti-Virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers \u2014 documents, account details and passwords, music, photos and more \u2014 all while allowing users to work, bank, shop and play games online in safety. <\/p>\n
AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions. <\/p>\n","protected":false},"excerpt":{"rendered":"
AVG (AU\/NZ)\u2019s Guide To Password Best Practice Melbourne and Amsterdam, 17 August 2010. It’s sad fact, but people don’t take passwords seriously enough. You could almost write a comedy sketch about the ‘obvious’ passwords that so many people use. A password consisting of the numbers \u201cone to 10\u201d is not uncommon, as is simply the<\/p>\n